Configure incident filters

Use filters to display incidents that match specified criteria.

McAfee DLP Endpoint Example: You suspect a particular user has been sending connections containing sensitive data to a range of IP addresses outside the company. You can create a filter to display incidents that match the user name and the range of IP addresses.

Task

  1. In McAfee ePO, select DLP Incident Manager.
  2. From the Present drop-down list, select the option for your product.
  3. From the Filter drop-down list, select (no custom filter) and click Edit.
  4. Configure the filter parameters.
    1. From the Available Properties list, select a property.
    2. Enter the value for the property.
      Note: To add additional values for the same property, click +.
    3. Select additional properties as needed.
      Note: To remove a property entry, click <.
    4. Click Update Filter.
  5. Configure the filter settings.
    1. Next to the Filter drop-down list, click Save.
    2. Select one of these options.
      • Save as new filter — Specify a name for the filter.
      • Override existing filter — Select the filter to save.
    3. Select who can use the filter.
      • Public — Any user can use the filter.
      • Private — Only the user that created the filter can use the filter.
    4. Click OK.

Results

Note: You can also manage filters in the incident manager by selecting ActionsFilter.